All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2018

Protected by

{"id": "H1:291200", "hash": "75f01cee2d5721e9f1058829d5782469", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Kaspersky Lab: Hard Coded username and password in registry", "description": "I was using a tool called RegShot to take a snap shot of the registry before and after installation in order to see what changes were being made in the registry and I discovered hard-coded credentials\n\nI have attached the full comparison details of the registry changes\n\nbut these are the lines and reg entries where the credentials are stored:\n\n HKLM\\SOFTWARE\\Wow6432Node\\KasperskyLab\\AVP17.0.0\\environment\\dump\\User: \"kavdumps\"\nHKLM\\SOFTWARE\\Wow6432Node\\KasperskyLab\\AVP17.0.0\\environment\\dump\\Password: \"UxzAbKFLufVBSg8Y\"\nHKLM\\SOFTWARE\\Wow6432Node\\KasperskyLab\\AVP17.0.0\\environment\\dump\\FTP: \"kavdumps.kaspersky.com\"\n\nI was able to open browser and navigate to ftp://kavdumps.kaspersky.com which gave me a login prompt.\nI used the username: kavdumps \nand password of: UxzAbKFLufVBSg8Y\n\nI was able to login. The directory was empty however\n\nI have attached a video and the log file\n\nI have seperated the lines so it is easier to find in the file.\n", "published": "2017-11-17T14:33:24", "modified": "2018-05-06T19:51:42", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/291200", "reporter": "bluedangerforyou", "references": [], "cvelist": [], "lastseen": "2018-05-06T23:56:11", "history": [], "viewCount": 13, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2018-05-06T23:56:11"}, "dependencies": {"references": [], "modified": "2018-05-06T23:56:11"}, "vulnersScore": 4.3}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "resolved", "h1team": {"handle": "kaspersky", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/000/002/379/3308e2898b67ff8839e98c378dacb357ab97dabb_medium.png?1502716203", "small": "https://profile-photos.hackerone-user-content.com/000/002/379/e9c6281c3af4b6aa0d5216af8d49f969972bf528_small.png?1502716203"}, "url": "https://hackerone.com/kaspersky"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "hackerone_triager": false, "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/212/167/ab73e165d2677b439450fe9f632fa8a1dbf2f3f3_small.jpg?1509097949"}, "url": "/bluedangerforyou", "username": "bluedangerforyou"}, "_object_type": "robots.models.hackerone.HackerOneBulletin", "_object_types": ["robots.models.hackerone.HackerOneBulletin", "robots.models.base.Bulletin"]}